On 02/05/2010 12:42, André Warnier wrote: > Mark Thomas wrote: >> On 02/05/2010 09:57, Bytecode wrote: >>> According to Tomcat docs, the purpose of maxPostSize is: >>> >>> The maximum size in bytes of the POST which will be handled by the >>> container FORM URL parameter parsing. The limit can be disabled by >>> setting this attribute to a value less than or equal to 0. If not >>> specified, this attribute is set to 2097152 (2 megabytes). >>> >>> Now the question is what's meant by "the container FORM URL parameter >>> parsing"? What's a FORM URL? What's the container's FORM URL >>> parameter parsing? Also, what is a possible use case of this parameter? >> >> It limits the size of data that will be processed automatically by >> Tomcat for a POST request where the content type is >> application/x-www-form-urlencoded. See section 3.1.1 of the Servlet 3.0 >> spec. >> >> If the application parses the data then, regardless of content type, the >> limit does not apply. >> > Does this mean that at the Tomcat container level, there is no way to > avoid Tomcat accepting a POST of more than a certain size ?
Yes this can be avoided. If Tomcat is processing the POST as per 3.1.1 of the Servlet 3.0 spec, then the limit is set by maxPostSize. If an application is processing the POST then the application controls how many bytes will be read. If the applciation is written so it reads an unlimited number of bytes then that is the application's problem. > While apparently not mandated by the Servlet Spec, this /could/ be > regarded as a weakness, no ? There is no weakness here. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
